Current and Important Security News: Firefox 3.0 Vulnerability

The new browser version, which was finally released as non-beta a couple of days ago. In an extreme surprise, users shouldn’tclick on links without all due caution, particularly in e-mails from strangers. I’d advise not taking candy from strangers, either. The most likely thing is visiting a rigged website, although it would be possible to trigger any kind of executable from a link, including downloads–my particular gripe with Firefox, because I’ve initiated downloads myself that I could have easily missed if I’d done something by mistake. I haven’t really poked around a lot to disable the download manager but in this iteration couldn’t do it easily. As is I’m completely sold on Avant. I also find myself nearly regretting I’m saying that, because if it becomes deservedly popular it’s going to get heavily attacked.

This bug was also present in 2.0, so while if whatever it is happens it’s rated potentially severe it’s evidently unlikely. Be careful typing in any web names, because a lot of hacking is based on typos (“typo-squatting”).